PHPJabbers Night Club Booking Software Rate Limiting Vulnerability in Forgot Password Feature

Vulnerability

A denial-of-service vulnerability has been identified in PHPJabbers Night Club Booking Software version 1.0, stemming from a lack of rate limiting in the 'Forgot Password' feature. The endpoint accepts an unlimited number of reset requests for the same address, so an attacker who knows a registered user's email address can submit the form repeatedly and flood that user's inbox with password reset messages, one per request.

Impact

Exploitation of this vulnerability leads to a denial-of-service condition for the affected user: the flood of password reset emails buries legitimate mail and can exhaust the target's mailbox, and every request also forces the application to send an outbound email.

Reproduction

To reproduce this vulnerability, open the PHPJabbers Night Club Booking Software demo site and navigate to the 'Forgot Password' feature. Submit the form with an email address that is already registered, capturing the request with a tool such as Burp Suite, and send the captured request to the Intruder tab. Configure the Intruder attack to replay the same request many times (for example with a null-payload set of the desired size) and start the attack. No request is rejected or throttled; the result is a large number of password reset emails sent to the registered email address.
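The flood described in the Vulnerability and Reproduction sections above can be modelled offline. The following is an added example, not PHPJabbers code: a deliberately unlimited forgot-password handler (the behaviour the advisory reports) next to a hardened one that applies a sliding-window limit per email address and per client IP. The limits (3 mails per address and 10 requests per IP per 15 minutes), the in-memory store, the sample address and the IP addresses are assumptions chosen for the demonstration; the same replayed request is fired at both handlers the way Burp Intruder would.

```python
"""Added example: simulate the forgot-password flood against an unlimited
handler and a rate-limited one. Illustrative code, not PHPJabbers source;
limits, store and sample data are assumptions."""

import time
from collections import defaultdict, deque

# Constructed sample: one account that exists in the application.
REGISTERED_EMAILS = {"victim@example.com"}
GENERIC_RESPONSE = "If that address is registered, a reset link has been sent."


class MailSink:
    """Stands in for the outbound mailer; records every reset mail 'sent'."""

    def __init__(self):
        self.sent = []

    def send_reset(self, email):
        self.sent.append(email)


def vulnerable_forgot_password(email, mailer):
    """Behaviour the advisory describes: every request for a registered
    address sends a mail, with no throttling at all."""
    if email in REGISTERED_EMAILS:
        mailer.send_reset(email)
    return GENERIC_RESPONSE


class SlidingWindowLimiter:
    """Allow at most `limit` events per key within the last `window` seconds.
    The clock is injectable so the flood can be simulated deterministically."""

    def __init__(self, limit, window, clock=time.monotonic):
        self.limit, self.window, self.clock = limit, window, clock
        self._events = defaultdict(deque)

    def allow(self, key):
        now = self.clock()
        q = self._events[key]
        while q and now - q[0] > self.window:  # drop events outside the window
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True


class HardenedForgotPassword:
    """Same feature with two budgets (assumed policy): per client IP, so one
    client cannot drain many victims' budgets, and per email address, so a
    distributed flood still cannot bury one inbox."""

    def __init__(self, mailer, clock=time.monotonic):
        self.mailer = mailer
        self.per_ip = SlidingWindowLimiter(10, 15 * 60, clock)
        self.per_email = SlidingWindowLimiter(3, 15 * 60, clock)

    def handle(self, email, client_ip):
        # The response is identical on every path so throttling does not
        # become an account-enumeration oracle.
        if (self.per_ip.allow(client_ip)
                and email in REGISTERED_EMAILS
                and self.per_email.allow(email)):
            self.mailer.send_reset(email)
        return GENERIC_RESPONSE


def simulate_flood(handler, n, email="victim@example.com", client_ip="198.51.100.7"):
    """Replay the same captured request n times, as an Intruder attack does."""
    for _ in range(n):
        handler(email, client_ip)


def run_demo(requests=50):
    """Return (mails from the vulnerable handler, mails from the hardened
    handler during the flood, mails after the window has expired and the
    legitimate user retries once)."""
    vuln_mailer = MailSink()
    simulate_flood(lambda e, ip: vulnerable_forgot_password(e, vuln_mailer), requests)

    fake_now = [1000.0]  # all flood requests arrive at the same instant
    hardened = HardenedForgotPassword(MailSink(), clock=lambda: fake_now[0])
    simulate_flood(hardened.handle, requests)
    during_flood = len(hardened.mailer.sent)
    fake_now[0] += 15 * 60 + 1  # window expires; a real user may retry
    hardened.handle("victim@example.com", "198.51.100.7")
    return len(vuln_mailer.sent), during_flood, len(hardened.mailer.sent)


def run_distributed(requests=50):
    """Same victim, each request from a different source IP: the per-email
    budget still caps the mail volume."""
    fake_now = [1000.0]
    hardened = HardenedForgotPassword(MailSink(), clock=lambda: fake_now[0])
    for i in range(requests):
        hardened.handle("victim@example.com", f"203.0.113.{i % 250}")
    return len(hardened.mailer.sent)


if __name__ == "__main__":
    print("vulnerable / hardened / after retry:", run_demo(50))
    print("hardened, distributed sources:", run_distributed(50))
```

The per-IP check runs first so a rejected client never consumes the victim's per-email budget, and the per-email check is the one that actually protects the inbox against a flood spread over many source addresses. In a real deployment the counters would live in a shared store (the application database or a cache) rather than process memory, and a CAPTCHA or short cooldown after the first reset mail is a common complement.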

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread          2.2
impact          2.5
exploitability  9.7
remediation     0.0
relevance       0.0
threat          6.4
urgency         2.9
incentive      10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.